
Modular toolkit toolchain #1893

@eladb


Current State

CDK apps can be deployed today using the CDK CLI (or CDK Toolkit). The toolkit is implemented as a monolithic program with no clear boundaries between the various stages. We would like to break up the monolithic process executed by the toolkit in order to synthesize, package and deploy a CDK app.

There are a few reasons why we want to do this:

  1. Security: isolate the "deploy" step such that no user code needs to run. This is very important from a security perspective because deployments commonly require administrator privileges on the AWS account, and we need to reduce the attack surface during that time (see feat(app-delivery): continuous delivery for CDK apps #2073, which currently has to run both build and deploy together in the same CodeBuild task).
  2. Modularity: Allow tools to utilize the various steps used to deploy a CDK app inside other tools such as IDEs, deployment tools, etc.
  3. Code Quality: the CLI's code base needs a fresh rewrite, along with complete unit test coverage and this is an opportunity to do that.

Requirements

  • It should be possible to execute each component in the toolchain individually by feeding it the output from the previous step.
  • Given a specific input, the output from each step must be completely reproducible (no side effects).
  • Different components may require different execution environments and/or permissions to run. For example cdk-synth may need to be able to query the target AWS account in order to resolve environmental context, cdk-bundle may need to build docker images, cdk-deploy will need admin permissions in order to deploy the app.
  • It should be possible to invoke each component as a jsii library from all supported languages.
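As an added illustration (not aws-cdk code) of the split and the requirements above: each stage is a pure function of the previous stage's output, cdk-bundle emits a content-addressed manifest, and cdk-deploy, the stage that would hold admin credentials, consumes only that data, re-verifies every digest and executes nothing from it. The app model, context and credential dicts are constructed stand-ins, not CDK's real cloud-assembly format.

```python
# Added example: the three toolchain stages as side-effect-free functions (constructed stand-ins).
import hashlib
import json


def canonical(obj) -> bytes:
    # Deterministic serialization so that equal inputs always yield byte-identical output.
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def cdk_synth(app_model: dict, context: dict) -> dict:
    # Stage 1: the only stage that runs user code (here a plain dict stands in for the app).
    # It resolves environmental context and emits an assembly: templates plus asset sources.
    templates = {name: {"Resources": res, "Context": context}
                 for name, res in app_model["stacks"].items()}
    return {"templates": templates, "assets": dict(app_model.get("assets", {}))}


def cdk_bundle(assembly: dict) -> dict:
    # Stage 2: packages the assembly into a manifest of digests and bodies. Pure data, no code.
    manifest = {"templates": {}, "artifacts": {}}
    for name, tpl in assembly["templates"].items():
        body = canonical(tpl)
        manifest["templates"][name] = {"sha256": sha256(body), "body": body.decode()}
    for asset_id, content in assembly["assets"].items():
        manifest["artifacts"][asset_id] = {"sha256": sha256(content.encode()), "blob": content}
    return manifest


def cdk_deploy(manifest: dict, admin_credentials: dict) -> list:
    # Stage 3: runs with admin privileges, so it accepts only the manifest, never a callable,
    # and re-checks every digest before anything would be pushed to the account.
    for name, tpl in manifest["templates"].items():
        if sha256(tpl["body"].encode()) != tpl["sha256"]:
            raise ValueError(f"template {name} does not match its digest")
    for asset_id, art in manifest["artifacts"].items():
        if sha256(art["blob"].encode()) != art["sha256"]:
            raise ValueError(f"artifact {asset_id} does not match its digest")
    # Constructed stand-in for the real deployment: report what would be deployed where.
    return [(name, admin_credentials["account"]) for name in manifest["templates"]]


def is_reproducible(app_model: dict, context: dict) -> bool:
    # Requirement check: two synth runs over identical input must produce identical assemblies.
    return sha256(canonical(cdk_synth(app_model, context))) == \
        sha256(canonical(cdk_synth(app_model, context)))
```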

Labels: @aws-cdk/core (Related to core CDK functionality), effort/medium (Medium work item – several days of effort)